public-webappsec@w3.org from September 2016 by date

Thursday, 29 September 2016

• Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.) Emily Stark (Dunn)
• Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.) Mike West
• Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.) Mike West
• Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.) Anders Rundgren

Wednesday, 28 September 2016

• Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.) Melvin Carvalho
• Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.) Emily Stark (Dunn)
• `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.) Mike West
• Re: Restrict loopback address to Secure Contexts? Anne van Kesteren

Tuesday, 27 September 2016

• RE: Restrict loopback address to Secure Contexts? Crispin Cowan
• Re: Restrict loopback address to Secure Contexts? Mike West
• RE: Restrict loopback address to Secure Contexts? Crispin Cowan
• Re: CSP tools and documentation Artur Janc
• Re: CSP tools and documentation Craig Francis
• [Css-images] Re: CSS fetch integration Henrik Andersson
• Re: Restrict loopback address to Secure Contexts? Eduardo' Vela\
• Re: Restrict loopback address to Secure Contexts? Mike West
• Re: Restrict loopback address to Secure Contexts? Eduardo' Vela\
• Re: Restrict loopback address to Secure Contexts? Mike West
• Re: Restrict loopback address to Secure Contexts? Eduardo' Vela\
• Re: Restrict loopback address to Secure Contexts? Eduardo' Vela\
• Re: Restrict loopback address to Secure Contexts? Mike West
• Re: Restrict loopback address to Secure Contexts? Anne van Kesteren
• Re: Restrict loopback address to Secure Contexts? Mike West
• Re: Restrict loopback address to Secure Contexts? Mike West
• RE: Restrict loopback address to Secure Contexts? Mohan Sekar
• Re: Restrict loopback address to Secure Contexts? Anne van Kesteren
• RE: Restrict loopback address to Secure Contexts? Crispin Cowan
• Re: Restrict loopback address to Secure Contexts? Mike West
• RE: Restrict loopback address to Secure Contexts? Crispin Cowan
• Re: Restrict loopback address to Secure Contexts? Devdatta Akhawe
• CSS fetch integration Jonathan Kingston

Monday, 26 September 2016

• CSP tools and documentation Artur Janc
• RE: Restrict loopback address to Secure Contexts? Crispin Cowan
• Re: Restrict loopback address to Secure Contexts? John Wilander
• RE: Restrict loopback address to Secure Contexts? Crispin Cowan
• Re: HSTS Priming Mike West
• Re: Restrict loopback address to Secure Contexts? Mike West
• Restrict loopback address to Secure Contexts? John Wilander

Thursday, 22 September 2016

• HSTS Priming Kate McKinley

Wednesday, 21 September 2016

• Re: Workshop on Web Application Security 2016 Stanford University, Sep. 9, 2016 ๏̯͡๏ Jasvir Nagra

Friday, 23 September 2016

• Re: remote participation for today's session Brad Hill

Thursday, 22 September 2016

• remote participation for today's session Brad Hill
• webappsec tpac 2016 session agenda (?) Hodges, Jeff

Wednesday, 21 September 2016

• Re: WebAppSec and Auto WG discussion during TPAC Brad Hill
• Re: Isolate-Me explainer Krzysztof Kotowicz
• Re: WebAppSec and Auto WG discussion during TPAC Ted Guild
• Re: Isolate-Me explainer Mike West
• Re: WebAppSec and Auto WG discussion during TPAC Brad Hill
• remote participation for TPAC Brad Hill
• Re: Isolate-Me explainer Emily Stark (Dunn)
• RE: Isolate-Me explainer Crispin Cowan
• Re: Isolate-Me explainer Emily Stark (Dunn)
• Re: Isolate-Me explainer Emily Stark (Dunn)

Tuesday, 20 September 2016

• Re: Workshop on Web Application Security 2016 Stanford University, Sep. 9, 2016 Deian Stefan
• Call availability during TPAC? Deian Stefan
• Re: Call on 9/21 Brad Hill
• Re: Isolate-Me explainer Artur Janc
• Re: Isolate-Me explainer Craig Francis
• RE: Isolate-Me explainer Crispin Cowan
• Re: Isolate-Me explainer Charlie Reis

Monday, 19 September 2016

• Re: Call on 9/21 Joel Weinberger
• Re: Isolate-Me explainer Tanvi Vyas
• Re: Isolate-Me explainer John Wilander
• Call on 9/21 Crispin Cowan
• Re: Isolate-Me explainer Emily Stark (Dunn)
• Re: Isolate-Me explainer Artur Janc
• Re: Isolate-Me explainer John Wilander
• RE: Isolate-Me explainer Crispin Cowan
• Re: [blink-dev] Must have SSL or dedicated IP address? Joseph Lorenzo Hall

Saturday, 17 September 2016

• Re: Autoclave Dan Kaminsky
• Fwd: DRM protest timed with TPAC 2016 Daniel Veditz
• Re: Autoclave Dan Kaminsky

Friday, 16 September 2016

• Re: Autoclave Sergey Shekyan
• Autoclave Bill Scannell
• Isolate-Me explainer Emily Stark (Dunn)

Thursday, 15 September 2016

• Re: [blink-dev] Must have SSL or dedicated IP address? Victor Costan

Friday, 16 September 2016

• Call for Exclusions: Secure Contexts Xueyuan Jia

Wednesday, 14 September 2016

• WebAppSec and Auto WG discussion during TPAC Ted Guild
• Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP) Daniel Veditz

Tuesday, 13 September 2016

• [webappsec] WG Note: CORS for developers Brad Hill
• Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP) Mike West

Monday, 12 September 2016

• Re: On the Insecurity of Whitelists and the Future of CSP Oda, Terri
• Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads? Devdatta Akhawe
• Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads? Sergey Shekyan
• Re: CSP: Embedded Enforcement Mike West
• Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads? Frederik Braun

Friday, 9 September 2016

• Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads? Daniel Veditz
• Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads? Francois Marier
• Re: CSP: Embedded Enforcement Daniel Veditz
• Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP) Artur Janc
• Re: [SRI] reporting (Was: [SRI] require-sri-for syntax and additional SRI/CSP interaction Frederik Braun
• Re: [SRI] reporting (Was: [SRI] require-sri-for syntax and additional SRI/CSP interaction Mike West
• [SRI] reporting (Was: [SRI] require-sri-for syntax and additional SRI/CSP interaction Frederik Braun
• CSP: Embedded Enforcement Mike West
• Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads? Mike West
• Re: [SRI] require-sri-for syntax and additional SRI/CSP interaction Mike West
• Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP) Mike West
• Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP) Daniel Veditz
• [SRI] require-sri-for syntax and additional SRI/CSP interaction Frederik Braun
• [SRI] require-sri-for: missing integrity metadata? same-origin loads? Frederik Braun
• Re: Quoted Referrer-Policy values Martin Thomson

Thursday, 8 September 2016

• Workshop on Web Application Security 2016 Stanford University, Sep. 9, 2016 Hodges, Jeff
• Re: On the Insecurity of Whitelists and the Future of CSP Jim Manico
• Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP) Artur Janc
• 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP) Mike West
• Re: On the Insecurity of Whitelists and the Future of CSP Daniel Veditz
• Re: On the Insecurity of Whitelists and the Future of CSP Daniel Veditz
• Re: On the Insecurity of Whitelists and the Future of CSP Daniel Veditz
• Re: On the Insecurity of Whitelists and the Future of CSP Mike West
• Re: On the Insecurity of Whitelists and the Future of CSP Christoph Kerschbaumer
• Re: On the Insecurity of Whitelists and the Future of CSP Anne van Kesteren
• Re: On the Insecurity of Whitelists and the Future of CSP Artur Janc
• Re: On the Insecurity of Whitelists and the Future of CSP Artur Janc
• Re: On the Insecurity of Whitelists and the Future of CSP Anne van Kesteren
• Re: On the Insecurity of Whitelists and the Future of CSP Artur Janc
• Re: On the Insecurity of Whitelists and the Future of CSP Christoph Kerschbaumer
• Re: On the Insecurity of Whitelists and the Future of CSP Craig Francis

Wednesday, 7 September 2016

• Re: On the Insecurity of Whitelists and the Future of CSP Artur Janc
• Re: Quoted Referrer-Policy values Anne van Kesteren
• On the Insecurity of Whitelists and the Future of CSP Hodges, Jeff
• Re: Quoted Referrer-Policy values Mike West
• Re: Quoted Referrer-Policy values Anne van Kesteren
• Re: [webappsec] draft agenda for tomorrow's teleconference Frederik Braun
• Re: Quoted Referrer-Policy values Mike West
• CORS-safelisted request headers should be restricted according to RFC 7231 John Wilander

Tuesday, 6 September 2016

• [webappsec] draft agenda for tomorrow's teleconference Brad Hill
• Re: [suborigins] The origin relationship to suborigins Joel Weinberger

Last message date: Thursday, 29 September 2016 15:15:57 UTC